Thinkpoint infection

Hi folks,

One of the machines on our home network has come up (or down?) with a Thinkpoint infection that's proving somewhat resistant. In fails-safe mode, I don't have admin status anymore, so the Java update, JavaRa etc. was not possible.

Therefore I cut right to the chase and killed the process with rkill
<--------
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrateur on 22/10/2010 at 0:12:29.
Services Stopped:
Processes terminated by Rkill or while it was running:
F:\OTL.com
C:\Documents and Settings\Administrateur\Mes documents\rkill.com
Rkill completed on 22/10/2010 at 0:12:31.
<-----

Then proceeded to run a local copy of OTL downloaded just now for reporting purposes:
<------
OTL logfile created on: 22/10/2010 00:15:26 - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Administrateur\Mes documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 83,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 7,76 Gb Free Space | 19,86% Space Free | Partition Type: NTFS
Drive D: | 426,69 Gb Total Space | 356,20 Gb Free Space | 83,48% Space Free | Partition Type: NTFS
Drive F: | 246,73 Mb Total Space | 12,97 Mb Free Space | 5,26% Space Free | Partition Type: FAT

Computer Name: ANTEC | User Name: Administrateur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrateur\Mes documents\OTL.com (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrateur\Mes documents\OTL.com (OldTimer Tools)
MOD - C:\WINDOWS\system32\mlang.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (SSHNAS) -- C:\WINDOWS\system32\sshnas21.dll (Trend Micro Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Z-SANService) -- C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe (Zetera Corporation)
SRV - (NMIndexingService) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SFSZ) -- C:\WINDOWS\system32\drivers\sfsz.sys (DataPlow, Incorporated)
DRV - (ZetBus) -- C:\WINDOWS\system32\drivers\ZetBus.sys (Zetera Corporation)
DRV - (ZetSFD) -- C:\WINDOWS\system32\DRIVERS\ZetSFD.sys (Zetera Corporation)
DRV - (ZetMPD) -- C:\WINDOWS\system32\drivers\ZetMPD.sys (Zetera Corporation)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS (Logitech, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ldlc.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ldlc.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2001/08/28 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (wiseHelper Class) - {410A2A01-AD87-4caf-9759-C5FFC15E27B7} - C:\Documents and Settings\Babette\Local Settings\Application Data\WisePick\wisepiie.dll ()
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [owcsenmxar.tmp] C:\Documents and Settings\Babette\Local Settings\Temp\owcsenmxar.tmp (Корпорация Майкрософт)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\seconde-nature-pissenli.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\seconde-nature-pissenli.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/09 11:32:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/22 00:12:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Mes documents\OTL.com
[2010/10/21 23:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Sun
[2010/10/21 20:07:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrateur\IETldCache
[2010/10/21 20:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\InstallShield
[2010/10/21 20:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Identities
[2010/10/21 20:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\ATI
[2010/10/21 20:06:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrateur\Application Data\Microsoft
[2010/10/21 20:06:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Application Data
[2010/10/21 20:06:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Favoris
[2010/10/21 20:06:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrateur\Cookies
[2010/10/21 20:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau
[2010/10/21 20:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\ATI
[2010/10/21 20:06:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft
[2010/10/21 20:06:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Mes images
[2010/10/21 20:06:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Menu Démarrer
[2010/10/21 20:06:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Ma musique
[2010/10/21 20:06:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Local Settings
[2010/10/21 20:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\PCHealth
[2010/10/21 20:06:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\SendTo
[2010/10/21 20:06:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2010/10/21 20:06:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Mes documents
[2010/10/21 20:06:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Voisinage réseau
[2010/10/21 20:06:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Voisinage d'impression
[2010/10/21 20:06:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Modèles
[2010/10/21 09:42:28 | 000,229,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\Hzydua.exe
[2010/10/21 09:42:00 | 000,237,568 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\Hqaxua.exe
[2010/10/21 09:41:40 | 000,421,888 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\sshnas21.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/22 00:13:41 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/22 00:11:35 | 000,510,324 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/10/22 00:11:35 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/22 00:11:35 | 000,084,526 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/10/22 00:11:35 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/22 00:07:34 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\rkill.scr
[2010/10/22 00:07:34 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\rkill.com
[2010/10/22 00:07:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/22 00:06:56 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\rkill.exe
[2010/10/21 23:50:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Mes documents\OTL.com
[2010/10/21 22:59:10 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/10/21 22:59:10 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/10/21 22:59:10 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/21 22:57:33 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/21 22:57:25 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/21 22:39:25 | 080,766,762 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\backup20101021.reg
[2010/10/21 09:42:09 | 000,229,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Hzydua.exe
[2010/10/21 09:41:50 | 000,237,568 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Hqaxua.exe
[2010/10/21 09:41:47 | 000,421,888 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\sshnas21.dll
[2010/10/21 09:40:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/20 23:07:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/20 07:41:00 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2010/10/20 07:41:00 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/19 22:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/14 17:30:58 | 000,000,898 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/10/07 08:19:30 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/24 21:49:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/09/24 21:49:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/09/24 20:11:47 | 000,000,137 | ---- | M] () -- C:\WINDOWS\disney.ini
[2010/09/24 12:45:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/09/24 12:45:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/09/23 22:25:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/09/23 22:25:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/09/23 10:31:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/09/23 10:31:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/09/22 22:38:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/09/22 22:38:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/09/22 07:42:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/09/22 07:42:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/22 00:12:21 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\rkill.scr
[2010/10/22 00:12:21 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\rkill.exe
[2010/10/22 00:12:21 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\rkill.com
[2010/10/21 22:38:07 | 080,766,762 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\backup20101021.reg
[2010/10/21 20:06:29 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/21 20:06:29 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2010/10/21 20:06:29 | 000,000,079 | R--- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf
[2010/10/21 20:06:22 | 000,267,126 | ---- | C] () -- C:\Documents and Settings\Administrateur\SilverlightMSI2DAA.txt
[2010/10/21 20:06:22 | 000,009,322 | ---- | C] () -- C:\Documents and Settings\Administrateur\SilverlightUI2DAA.txt
[2010/10/21 09:42:43 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/21 09:42:13 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/10/21 09:42:12 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/10/21 09:41:53 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/11/23 21:47:46 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/10/03 11:43:24 | 000,000,045 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2009/09/28 18:16:44 | 000,000,017 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/06/30 21:56:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/06/30 21:56:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/06/30 21:56:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/06/30 21:56:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/06/30 21:56:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/06/30 21:56:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/06/23 17:11:15 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2009/06/06 16:52:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/01 19:49:52 | 000,000,137 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/03/01 19:49:46 | 000,000,183 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009/02/07 20:49:47 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/01/04 13:56:48 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2008/10/29 21:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/10/18 15:06:14 | 000,000,898 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/29 04:50:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/07/27 20:06:26 | 000,163,927 | ---- | C] () -- C:\WINDOWS\System32\ZSANCoInst.dll
[2008/07/20 11:58:13 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/19 00:40:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/18 23:09:24 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/07/18 23:04:33 | 000,005,598 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/07/18 23:00:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/07/09 14:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/09 13:24:31 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/09 11:35:31 | 000,000,532 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/13 11:59:31 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/05/13 11:58:37 | 000,175,968 | ---- | C] () -- C:\WINDOWS\System32\ieawsdc.dll
[2001/07/07 03:00:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2009/03/01 19:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games
[2008/08/12 13:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2008/07/19 13:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/07/20 11:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/05/08 20:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/04/27 18:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sega
[2009/02/07 20:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/06/04 22:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/07/18 08:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tyre
[2009/09/08 21:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/10/22 00:13:41 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/21 22:57:33 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/21 22:59:10 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/21 22:59:10 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/10/21 22:59:10 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:1E367AF92379D386

< End of report >

OTL Extras logfile created on: 22/10/2010 00:15:26 - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Administrateur\Mes documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 83,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 7,76 Gb Free Space | 19,86% Space Free | Partition Type: NTFS
Drive D: | 426,69 Gb Total Space | 356,20 Gb Free Space | 83,48% Space Free | Partition Type: NTFS
Drive F: | 246,73 Mb Total Space | 12,97 Mb Free Space | 5,26% Space Free | Partition Type: FAT

Computer Name: ANTEC | User Name: Administrateur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"20001:UDP" = 20001:UDP:*:Enabled:MicroSAN
"80:TCP" = 80:TCP:*:Enabled:Web

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres -- (Microsoft Corporation)
"C:\Documents and Settings\Babette\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe" = C:\Documents and Settings\Babette\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Babette\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe" = C:\Documents and Settings\Babette\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\Documents and Settings\Babette\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\Babette\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\NETGEAR\SC101 Manager Utility\Client\SCM.exe" = C:\Program Files\NETGEAR\SC101 Manager Utility\Client\SCM.exe:*:Enabled:NETGEAR Storage Central Manager -- File not found
"C:\Program Files\Firefly Studios\CivCity Rome\CivCity Rome.exe" = C:\Program Files\Firefly Studios\CivCity Rome\CivCity Rome.exe:*:Enabled:CivCity Rome -- (Firefly Studios US)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0018542B-3CCD-3CCB-6F20-309BB7F74065}" = CCC Help Finnish
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0152A502-E910-08D1-5829-1BF6DB0FAABA}" = CCC Help Korean
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}" = CIF USB Camera
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0EAE16E4-A8FE-2EC5-1265-5F1ADF629366}" = Catalyst Control Center Localization Russian
"{0EE37940-274A-5396-2AB5-3B87CF5438D1}" = Catalyst Control Center Localization Italian
"{0F455EB4-574E-75D0-71D6-F22E2C607903}" = CCC Help Swedish
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F4B1E3-8222-0917-8EF1-0C689BB2FD11}" = Catalyst Control Center Localization Spanish
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{172207B1-CD2D-D1FA-D6DD-C67C3E5D6BDC}" = Catalyst Control Center Localization Portuguese
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19FEF6D1-A874-3E8B-1354-306EBB0C1535}" = Catalyst Control Center Localization Turkish
"{200A0EE2-6613-3F67-6A37-0E746AF13426}" = Catalyst Control Center Graphics Light
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24C20DFC-62E4-B5E9-F16E-A40B4775DC11}" = Catalyst Control Center Localization Japanese
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2540F064-0E0A-E6B1-E798-A6A6769F0D42}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27445334-402E-1DD3-2A8E-157B3FDD8DFD}" = Catalyst Control Center Graphics Full New
"{27711323-1619-E38F-0BCD-83F793F81313}" = Catalyst Control Center Localization Chinese Standard
"{277C18CA-FD73-33C9-7F9E-B969352D67F5}" = CCC Help Thai
"{2A632EBF-8C36-B915-D27C-00DBA8342DA7}" = CCC Help Spanish
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F083AB5-D0DB-32FF-A502-280EAAE8526D}" = ccc-utility
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{31C0D5C9-CCDD-D524-F3BF-163AAB191DAB}" = CCC Help Norwegian
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35638C05-3023-E278-5531-90370441E316}" = Catalyst Control Center Localization Danish
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{421DD611-8CB9-5828-B0A0-BAD7F2B48895}" = CCC Help Polish
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47D5FC32-84B9-6F7A-67E9-0FF5BCC90275}" = Catalyst Control Center Localization Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AD045DF-11AA-473D-B4AA-2A4F0E213047}" = Google SketchUp 7
"{5BA902B4-EE8E-24A7-5084-88B3420692E6}" = Catalyst Control Center Localization Swedish
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E85D12-F38B-A190-D29A-E750C1D59ADF}" = Catalyst Control Center Localization Dutch
"{78DACA0C-1814-5223-3FE9-CE604F395B8A}" = ccc-core-preinstall
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7D808B5B-07F2-F415-C772-C3EA0C07106B}" = Catalyst Control Center Localization Czech
"{7DA96093-CB05-0378-EA6A-839C8605B5B7}" = Catalyst Control Center Localization Korean
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{808778F1-0454-729C-21E1-7E55D910698D}" = CCC Help Hungarian
"{82E79D6C-0D9A-8E90-02A9-25983F38526B}" = CCC Help Italian
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{850A5DA7-08CD-CBCE-843E-65A268E596E9}" = CCC Help Danish
"{85331BEE-9E95-9FC0-780C-F6FB470FAD1C}" = Catalyst Control Center Localization French
"{876A4C7A-412A-40b8-9DCF-B04D2339B73E}" = c7100_Help
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89982361-53E6-5316-6AD6-0C1F47BDB300}" = Catalyst Control Center Localization German
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E72B982-D54F-486F-B35A-C24B6F171036}" = Nero 7 Essentials
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9160E5F1-8580-D540-97DC-BE509BD1D3FD}" = Catalyst Control Center Localization Norwegian
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (DVD Only)
"{93A38BD2-C307-7B00-CF94-26E1CCFDB1F8}" = CCC Help Russian
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994E24A6-EC47-4201-8D0B-D4563B7AD66B}" = CivCity
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3672E1B-021F-4F50-A891-609471CCF941}" = NETGEAR Storage Central Manager Utility
"{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}" = Microsoft Antimalware Service FR-FR Language Pack
"{A4D79CE9-A3DA-D533-F6AC-83A9B5492B35}" = CCC Help English
"{A7B279F4-E9B0-470F-A6A0-54C31C340DBC}" = C7100
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA369F6D-9D75-25A0-B8E1-FF4743091E5F}" = Catalyst Control Center Core Implementation
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AE3B0098-650F-2619-CDFA-D4D9A1840C54}" = Catalyst Control Center Localization Chinese Traditional
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B50CF613-F021-3F29-8504-A5408A8DE20B}" = Catalyst Control Center Localization Hungarian
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C355B4BD-8422-FF86-E642-1374C673932B}" = Catalyst Control Center Localization Greek
"{C59ADB1C-0403-4A11-8930-9F81ABC71908}" = Synology Assistant
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2A0339-E3CF-6682-47EE-34C2865076A0}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CD4E2B12-EBE2-1AFC-3BFF-6C702FEE17A8}" = CCC Help Turkish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D3FCE2E4-3AD7-42A4-A477-6D810370D3B8}" = CCC Help Greek
"{D6177030-AEA2-D281-D53A-3A2291B996E3}" = Catalyst Control Center Localization Finnish
"{D6A24217-6B64-3CA8-F8E8-60AC787B83CF}" = CCC Help French
"{D726F7AF-24D7-5771-77B2-7152E1A5CAAD}" = CCC Help Chinese Traditional
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC03D03B-621E-924C-F43F-2EE7CAC8401C}" = CCC Help Dutch
"{E44EFD52-4FCB-0EEE-6A6D-49ECE079EBCC}" = Skins
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E644CEDB-3401-3541-1F27-4655514C1505}" = CCC Help Japanese
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{EEA897CE-2BD5-85E1-D9B3-9E69F7E9563A}" = CCC Help Czech
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F2B27F44-78BE-96F6-4D86-CFBC3308CC74}" = CCC Help German
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F38C8227-A19D-5C9B-0FFD-9778C4F89F24}" = ccc-core-static
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"{FD8094C0-BA8D-E3C4-4D9E-25CB751A2BFF}" = Catalyst Control Center Localization Polish
"{FE0F9BE3-598B-1EF6-5B66-9E89F74A3E04}" = CCC Help Chinese Standard
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}" = palmOne
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"CobBackup9" = Cobian Backup 9
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Delicious Add-on for Internet Explorer" = Delicious Add-on for Internet Explorer
"Google Chrome" = Google Chrome
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSNINST" = MSN
"OpenAL" = OpenAL
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"RETZ" = RETZ
"ThumbsPlus6" = ThumbsPlus version 6.0
"ThumbsPlus7" = ThumbsPlus version 7 SP2
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Tyre_is1" = Tyre
"Windows Media Player" = Lecteur Windows Media 11
"WisePick" = WisePick

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/09/2010 11:02:51 | Computer Name = ANTEC | Source = Application Error | ID = 1000
Description = Application défaillante wmplayer.exe, version 11.0.5721.5145, module
défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x00010a19.

Error - 03/10/2010 07:08:00 | Computer Name = ANTEC | Source = Application Error | ID = 1000
Description = Application défaillante wmplayer.exe, version 11.0.5721.5145, module
défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x0001b21a.

Error - 08/10/2010 08:34:51 | Computer Name = ANTEC | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x054aa611.

Error - 09/10/2010 13:28:19 | Computer Name = ANTEC | Source = Application Error | ID = 1000
Description = Application défaillante wmplayer.exe, version 11.0.5721.5145, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x0587aac1.

Error - 17/10/2010 06:25:39 | Computer Name = ANTEC | Source = Application Error | ID = 1000
Description = Application défaillante photoed.exe, version 3.0.2.3, module défaillant
photoed.exe, version 3.0.2.3, adresse de défaillance 0x0002de39.

Error - 21/10/2010 14:08:29 | Computer Name = ANTEC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 21/10/2010 14:08:38 | Computer Name = ANTEC | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 21/10/2010 17:53:08 | Computer Name = ANTEC | Source = MsiInstaller | ID = 1008
Description = L'installation de C:\Documents and Settings\Administrateur\Application
Data\Sun\Java\jre1.6.0_22\jre1.6.0_22.msi n'est pas autorisée en raison d'une erreur
lors du traitement de la stratégie de restriction logicielle. La confiance en l'objet
ne peut pas être établie.

Error - 21/10/2010 17:54:09 | Computer Name = ANTEC | Source = MsiInstaller | ID = 1008
Description = L'installation de C:\Documents and Settings\Administrateur\Application
Data\Sun\Java\jre1.6.0_22\jre1.6.0_22.msi n'est pas autorisée en raison d'une erreur
lors du traitement de la stratégie de restriction logicielle. La confiance en l'objet
ne peut pas être établie.

Error - 21/10/2010 18:00:43 | Computer Name = ANTEC | Source = MsiInstaller | ID = 1008
Description = L'installation de C:\Documents and Settings\Administrateur\Application
Data\Sun\Java\jre1.6.0_22\jre1.6.0_22.msi n'est pas autorisée en raison d'une erreur
lors du traitement de la stratégie de restriction logicielle. La confiance en l'objet
ne peut pas être établie.

[ System Events ]
Error - 21/10/2010 18:08:35 | Computer Name = ANTEC | Source = Service Control Manager | ID = 7001
Description = Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 21/10/2010 18:08:35 | Computer Name = ANTEC | Source = Service Control Manager | ID = 7001
Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 21/10/2010 18:08:35 | Computer Name = ANTEC | Source = Service Control Manager | ID = 7001
Description = Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 21/10/2010 18:08:35 | Computer Name = ANTEC | Source = Service Control Manager | ID = 7001
Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas
pu démarrer en raison de l'erreur : %%31

Error - 21/10/2010 18:08:35 | Computer Name = ANTEC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : AFD AmdK8 BANTExt Fips IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 21/10/2010 18:08:38 | Computer Name = ANTEC | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21/10/2010 18:09:31 | Computer Name = ANTEC | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman
avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 21/10/2010 18:10:24 | Computer Name = ANTEC | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21/10/2010 18:12:45 | Computer Name = ANTEC | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman
avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 21/10/2010 18:13:02 | Computer Name = ANTEC | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

And here things are at present.
Thanks for your advice, if any of this makes sense?
Regards,
Christian

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

OK this seems to have had some effect - the Thinkpoint warning is no longer showing up, after five runs with Anti-malware, including the last three from a regular Win session, after last reboot. In the interim I also started showing various screens on Antimalware Doctor, same modus operandus. Whats next? Now however everything's clean, and I've regained full control, and MS Security Essentials is reinstated. I'm running a full scan on MSSE to be sure, and will follow up with regular scans with MBAM.

Thanks, great help, have recommended to tech friends.

Will report further developments if any on this same thread.

K

Please post the MBAM log.

OK, here's the latest log, freshly generated.

thanks!

<----------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4920

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/10/2010 06:59:45
mbam-log-2010-10-23 (06-59-45).txt

Scan type: Quick scan
Objects scanned: 167664
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Great - I'll take these steps as soon as I'm back - early November. Will keep you posted.

Christian

OK, I'm having another go at cleaning up this machines, as per your instructions above. Starting anew (December 26, 2010) four problems detected and deleted:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/12/2010 22:44:34
mbam-log-2010-12-26 (22-44-34).txt

Scan type: Quick scan
Objects scanned: 186110
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{fd16d053-9fe3-4bc1-bbdf-4d0fe927b9b2} (Adware.LastShopping) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Babette\Local Settings\Temp\setup2097134848.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Babette\Local Settings\Temp\setup2129909056.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Then, MAM run again on same day, as well as today, detecting no further problems:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5409

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/12/2010 20:47:44
mbam-log-2010-12-28 (20-47-44).txt

Scan type: Quick scan
Objects scanned: 173554
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Next, I downloaded and ran Combo-Fix.

ComboFix 10-12-26.01 - Babette 27/12/2010 0:25.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1790.1254 [GMT 1:00]
Lancé depuis: c:\documents and settings\Babette\Mes documents\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
c:\program files\Microsoft Security Essentials\msseces.exe
c:\program files\QuickTime\qttask.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-11-26 au 2010-12-26 ))))))))))))))))))))))))))))))))))))
.

2010-12-26 10:17 . 2010-12-26 10:17 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-12-21 07:34 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9275C562-7DCD-4BB4-BFD1-F4E4F2B7329D}\mpengine.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-07-09 09:29 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 04:33 . 2010-07-02 18:58 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-06 00:21 . 2008-05-13 09:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2008-05-13 09:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2008-04-13 17:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2008-04-13 17:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-13 09:57 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:14 . 2008-04-13 17:31 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:07 . 2008-04-13 16:58 1853440 ----a-w- c:\windows\system32\win32k.sys
2010-10-21 07:41 . 2010-10-21 07:41 196 ----a-w- c:\documents and settings\Babette\Application Data\18104.bat
2010-10-21 07:41 . 2010-10-21 07:41 196 ----a-w- c:\documents and settings\Babette\Application Data\31165.bat
2010-10-19 20:51 . 2010-07-01 20:40 222080 ------w- c:\windows\system32\MpSigStub.exe
.


((((((((((((((((((((((((((((( SnapShot@2010-12-26_22.48.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-26 23:23 . 2010-12-26 23:23 16384 c:\windows\Temp\Perflib_Perfdata_204.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{410A2A01-AD87-4caf-9759-C5FFC15E27B7}]
2010-10-21 07:40 146432 ----a-w- c:\documents and settings\Babette\Local Settings\Application Data\WisePick\wisepiie.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cobian Backup 9"="c:\program files\Cobian Backup 9\Cobian.exe" [2009-01-22 579584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [N/A]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [N/A]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=c:\windows\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 06:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\Pixart\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 06:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-19 07:24 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Fichiers communs\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20001:UDP"= 20001:UDP:MicroSAN

R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [27/07/2008 19:06 12800]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [19/07/2008 00:33 3712]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [27/07/2008 19:06 345984]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]
R2 Z-SANService;Z-SAN Service;c:\program files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [27/07/2008 19:06 376891]
R3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [04/01/2009 12:56 505984]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [27/07/2008 19:06 15488]
S2 gupdate1c9ed2fade039a0;Service Google Update (gupdate1c9ed2fade039a0);c:\program files\Google\Update\GoogleUpdate.exe [14/06/2009 21:35 133104]
S3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [27/07/2008 19:06 5120]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:35]

2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:35]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 00:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500320AS rev.SD15 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T1L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4C3555]<<
c:\docume~1\Babette\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4c97b0]; MOV EAX, [0x8a4c982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A54EAB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000063[0x8A4E3F18]
5 ACPI[0xB9F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A552940]
\Driver\atapi[0x8A4D4400] -> IRP_MJ_CREATE -> 0x8A4C3555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T1L0-3 -> \??\IDE#DiskST3500320AS_____________________________SD15____#5&34fa4dfd&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4C339B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-12-27 00:35:17
ComboFix-quarantined-files.txt 2010-12-26 23:35
ComboFix2.txt 2010-12-26 22:53

Avant-CF: 13 315 276 800 octets libres
Après-CF: 13 308 428 288 octets libres

- - End Of File - - 376B05DF173D1780596F665C10D050AE

At this point, the machine is still rootkitted, the desktop icons are all locked.

What is the next step?

Thanks! Christian

OK, I ran ComboFix again just to make sure nothing had changed (it hadn't):

ComboFix 10-12-26.01 - Babette 28/12/2010 21:08:32.3.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1790.1254 [GMT 1:00]
Lancé depuis: c:\documents and settings\Babette\Mes documents\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-11-28 au 2010-12-28 ))))))))))))))))))))))))))))))))))))
.

2010-12-28 19:49 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B621BFC6-ABE9-47F2-9857-3E24AC2A9D15}\mpengine.dll
2010-12-26 10:17 . 2010-12-26 10:17 -------- d-----r- c:\documents and settings\NetworkService\Favoris

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-10-22 18:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-22 18:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2008-07-09 09:29 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-10 04:33 . 2010-07-02 18:58 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-06 00:21 . 2008-05-13 09:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2008-05-13 09:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2008-04-13 17:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2008-04-13 17:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-13 09:57 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:14 . 2008-04-13 17:31 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:07 . 2008-04-13 16:58 1853440 ----a-w- c:\windows\system32\win32k.sys
2010-10-21 07:41 . 2010-10-21 07:41 196 ----a-w- c:\documents and settings\Babette\Application Data\18104.bat
2010-10-21 07:41 . 2010-10-21 07:41 196 ----a-w- c:\documents and settings\Babette\Application Data\31165.bat
2010-10-19 20:51 . 2010-07-01 20:40 222080 ------w- c:\windows\system32\MpSigStub.exe
.


((((((((((((((((((((((((((((( SnapShot@2010-12-26_22.48.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-28 20:06 . 2010-12-28 20:06 16384 c:\windows\Temp\Perflib_Perfdata_5e8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{410A2A01-AD87-4caf-9759-C5FFC15E27B7}]
2010-10-21 07:40 146432 ----a-w- c:\documents and settings\Babette\Local Settings\Application Data\WisePick\wisepiie.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cobian Backup 9"="c:\program files\Cobian Backup 9\Cobian.exe" [2009-01-22 579584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [N/A]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [N/A]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=c:\windows\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 06:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\Pixart\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 06:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-19 07:24 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Fichiers communs\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20001:UDP"= 20001:UDP:MicroSAN

R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [27/07/2008 19:06 12800]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [19/07/2008 00:33 3712]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [27/07/2008 19:06 345984]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]
R2 Z-SANService;Z-SAN Service;c:\program files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [27/07/2008 19:06 376891]
R3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [04/01/2009 12:56 505984]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [27/07/2008 19:06 15488]
S2 gupdate1c9ed2fade039a0;Service Google Update (gupdate1c9ed2fade039a0);c:\program files\Google\Update\GoogleUpdate.exe [14/06/2009 21:35 133104]
S3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [27/07/2008 19:06 5120]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:35]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:35]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-28 21:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500320AS rev.SD15 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T1L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4F3555]<<
c:\docume~1\Babette\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4f97b0]; MOV EAX, [0x8a4f982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A566AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000063[0x8A55D490]
5 ACPI[0xB9F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A51E940]
\Driver\atapi[0x8A550030] -> IRP_MJ_CREATE -> 0x8A4F3555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T1L0-3 -> \??\IDE#DiskST3500320AS_____________________________SD15____#5&34fa4dfd&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4F339B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-12-28 21:18:27
ComboFix-quarantined-files.txt 2010-12-28 20:18
ComboFix2.txt 2010-12-26 23:35
ComboFix3.txt 2010-12-26 22:53

Avant-CF: 13 283 405 824 octets libres
Après-CF: 13 274 161 152 octets libres

- - End Of File - - C391493FB32132257C440B86FBC7E1D9

Hello.

Please download TDSSKiller from here and save it to your Desktop.

• Doubleclick TDSSKiller.exe to run the tool
  
• Click the Start Scan button
  
• After the scan has finished, click the Close button
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory.